aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorIngela Anderton Andin <[email protected]>2011-11-30 09:41:28 +0100
committerIngela Anderton Andin <[email protected]>2011-12-05 10:58:26 +0100
commitf1f1d43cf7766fed73d1b52a4f18bc0367ccbd1a (patch)
tree141f7ff9653f3c77bb09417899c8824ac114a549 /lib/ssl
parentb2484cf9df272c931c4aa815621d1fe8cb491961 (diff)
downloadotp-f1f1d43cf7766fed73d1b52a4f18bc0367ccbd1a.tar.gz
otp-f1f1d43cf7766fed73d1b52a4f18bc0367ccbd1a.tar.bz2
otp-f1f1d43cf7766fed73d1b52a4f18bc0367ccbd1a.zip
Do not do the 1/n-1 split for RC4 as it is not vulnerable to the Rizzo/Duong-Beast attack.
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/src/ssl_record.erl16
-rw-r--r--lib/ssl/test/ssl_basic_SUITE.erl85
2 files changed, 94 insertions, 7 deletions
diff --git a/lib/ssl/src/ssl_record.erl b/lib/ssl/src/ssl_record.erl
index f52d2f961c..830026c825 100644
--- a/lib/ssl/src/ssl_record.erl
+++ b/lib/ssl/src/ssl_record.erl
@@ -508,8 +508,12 @@ decode_cipher_text(CipherText, ConnnectionStates0) ->
%%
%% Description: Encodes data to send on the ssl-socket.
%%--------------------------------------------------------------------
-encode_data(Frag, Version, ConnectionStates) ->
- Data = split_bin(Frag, ?MAX_PLAIN_TEXT_LENGTH, Version),
+encode_data(Frag, Version,
+ #connection_states{current_write = #connection_state{
+ security_parameters =
+ #security_parameters{bulk_cipher_algorithm = BCA}}} =
+ ConnectionStates) ->
+ Data = split_bin(Frag, ?MAX_PLAIN_TEXT_LENGTH, Version, BCA),
encode_iolist(?APPLICATION_DATA, Data, Version, ConnectionStates).
%%--------------------------------------------------------------------
@@ -588,11 +592,11 @@ record_protocol_role(client) ->
record_protocol_role(server) ->
?SERVER.
-%% 1/n-1 splitting countermeasure Rizzo/Duong-Beast
-split_bin(<<FirstByte:8, Rest/binary>>, ChunkSize, Version) when {3, 1} == Version orelse
- {3, 0} == Version ->
+%% 1/n-1 splitting countermeasure Rizzo/Duong-Beast, RC4 chiphers are not vulnerable to this attack.
+split_bin(<<FirstByte:8, Rest/binary>>, ChunkSize, Version, BCA) when BCA =/= ?RC4 andalso ({3, 1} == Version orelse
+ {3, 0} == Version) ->
do_split_bin(Rest, ChunkSize, [[FirstByte]]);
-split_bin(Bin, ChunkSize, _) ->
+split_bin(Bin, ChunkSize, _, _) ->
do_split_bin(Bin, ChunkSize, []).
do_split_bin(<<>>, _, Acc) ->
diff --git a/lib/ssl/test/ssl_basic_SUITE.erl b/lib/ssl/test/ssl_basic_SUITE.erl
index fc91bf382f..e68a4c375d 100644
--- a/lib/ssl/test/ssl_basic_SUITE.erl
+++ b/lib/ssl/test/ssl_basic_SUITE.erl
@@ -259,7 +259,7 @@ all() ->
no_reuses_session_server_restart_new_cert_file, reuseaddr,
hibernate, connect_twice, renegotiate_dos_mitigate_active,
renegotiate_dos_mitigate_passive,
- tcp_error_propagation_in_active_mode
+ tcp_error_propagation_in_active_mode, rizzo, no_rizzo_rc4
].
groups() ->
@@ -3786,7 +3786,73 @@ tcp_error_propagation_in_active_mode(Config) when is_list(Config) ->
Pid ! {tcp_error, Socket, etimedout},
ssl_test_lib:check_result(Client, {ssl_closed, SslSocket}).
+%%--------------------------------------------------------------------
+
+rizzo(doc) -> ["Test that there is a 1/n-1-split for non RC4 in 'TLS < 1.1' as it is
+ vunrable to Rizzo/Dungon attack"];
+
+rizzo(Config) when is_list(Config) ->
+ Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(), Y =/= rc4_128],
+ run_send_recv_rizzo(Ciphers, Config, sslv3,
+ {?MODULE, send_recv_result_active_rizzo, []}),
+ run_send_recv_rizzo(Ciphers, Config, tlsv1,
+ {?MODULE, send_recv_result_active_rizzo, []}).
+
+no_rizzo_rc4(doc) ->
+ ["Test that there is no 1/n-1-split for RC4 as it is not vunrable to Rizzo/Dungon attack"];
+
+no_rizzo_rc4(Config) when is_list(Config) ->
+ Ciphers = [X || X ={_,Y,_} <- ssl:cipher_suites(),Y == rc4_128],
+ run_send_recv_rizzo(Ciphers, Config, sslv3,
+ {?MODULE, send_recv_result_active_no_rizzo, []}),
+ run_send_recv_rizzo(Ciphers, Config, tlsv1,
+ {?MODULE, send_recv_result_active_no_rizzo, []}).
+
+run_send_recv_rizzo(Ciphers, Config, Version, Mfa) ->
+ Result = lists:map(fun(Cipher) ->
+ rizzo_test(Cipher, Config, Version, Mfa) end,
+ Ciphers),
+ case lists:flatten(Result) of
+ [] ->
+ ok;
+ Error ->
+ test_server:format("Cipher suite errors: ~p~n", [Error]),
+ test_server:fail(cipher_suite_failed_see_test_case_log)
+ end.
+
+rizzo_test(Cipher, Config, Version, Mfa) ->
+ {ClientOpts, ServerOpts} = client_server_opts(Cipher, Config),
+ {ClientNode, ServerNode, Hostname} = ssl_test_lib:run_where(Config),
+ Server = ssl_test_lib:start_server([{node, ServerNode}, {port, 0},
+ {from, self()},
+ {mfa, Mfa},
+ {options, [{active, true}, {ciphers, [Cipher]},
+ {versions, [Version]}
+ | ServerOpts]}]),
+ Port = ssl_test_lib:inet_port(Server),
+ Client = ssl_test_lib:start_client([{node, ClientNode}, {port, Port},
+ {host, Hostname},
+ {from, self()},
+ {mfa, Mfa},
+ {options, [{active, true} | ClientOpts]}]),
+ Result = ssl_test_lib:check_result(Server, ok, Client, ok),
+ ssl_test_lib:close(Server),
+ ssl_test_lib:close(Client),
+ case Result of
+ ok ->
+ [];
+ Error ->
+ [{Cipher, Error}]
+ end.
+
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == rsa orelse KeyAlgo == dhe_rsa ->
+ {?config(client_opts, Config),
+ ?config(server_opts, Config)};
+client_server_opts({KeyAlgo,_,_}, Config) when KeyAlgo == dss orelse KeyAlgo == dhe_dss ->
+ {?config(client_dsa_opts, Config),
+ ?config(server_dsa_opts, Config)}.
+
%%--------------------------------------------------------------------
%%% Internal functions
%%--------------------------------------------------------------------
@@ -3807,6 +3873,23 @@ send_recv_result_active(Socket) ->
ok
end.
+send_recv_result_active_rizzo(Socket) ->
+ ssl:send(Socket, "Hello world"),
+ receive
+ {ssl, Socket, "H"} ->
+ receive
+ {ssl, Socket, "ello world"} ->
+ ok
+ end
+ end.
+
+send_recv_result_active_no_rizzo(Socket) ->
+ ssl:send(Socket, "Hello world"),
+ receive
+ {ssl, Socket, "Hello world"} ->
+ ok
+ end.
+
send_recv_result_active_once(Socket) ->
ssl:send(Socket, "Hello world"),
receive